check tag input

2025-04-24 17:22:35 +02:00 · 2024-02-17 10:55:51 -06:00 · 2024-02-17 10:55:51 -06:00 · 9800a4ad4b
commit 9800a4ad4b
parent 6444fe7e94
3 changed files with 3 additions and 2 deletions
--- a/app/browse.rb
+++ b/app/browse.rb
@ -4,7 +4,7 @@ get '/browse/?' do
  @page = params[:page]
  @page = 1 if @page.not_an_integer?

-  params.delete 'tag' if params[:tag].nil? || params[:tag].strip.empty?
+  params.delete 'tag' if params[:tag].nil? || !params[:tag].is_a?(String) || params[:tag].strip.empty? || params[:tag].match?(Tag::INVALID_TAG_REGEX)

  if is_education?
    ds = education_sites_dataset
--- a/models/site.rb
+++ b/models/site.rb
@ -1093,7 +1093,7 @@ class Site < Sequel::Model

      new_tags.each do |tag|
        tag.strip!
-        if tag.match(/[^a-zA-Z0-9 ]/)
+        if tag.match(Tag::INVALID_TAG_REGEX)
          errors.add :new_tags_string, "Tag \"#{tag}\" can only contain letters (A-Z) and numbers (0-9)."
          break
        end
--- a/models/tag.rb
+++ b/models/tag.rb
@ -2,6 +2,7 @@
 class Tag < Sequel::Model
 	NAME_LENGTH_MAX = 25
 	NAME_WORDS_MAX = 1
+  INVALID_TAG_REGEX = /[^a-zA-Z0-9 ]/
  many_to_many :sites

  def before_create